Cluster Setup

Set up the required namespace and permissions for Kubetrace by following the steps below.

Prerequisites

Before running the onboarding script, ensure you have:

kubectl installed and configured
Access to your Kubernetes cluster
Admin privileges or appropriate permissions
Azure CLI (for Azure clusters)

Step 1: Prepare to Execute the Script

Once you have selected your Cloud provider and Cluster in the Kubetrace platform:

Navigate to Step 3 of the platform
Copy the script for creating a Readonly Service Account
Ensure all prerequisites are satisfied before running the script

Step 2: Execute the Onboarding Script

Select your cloud provider and follow the corresponding instructions:

Azure (AKS)
AWS (EKS)
GCP (GKE)
Vultr (VKE)

Prerequisites for Azure

Azure CLI installed and configured
Access to your AKS cluster
Admin privileges or appropriate permissions

Azure Onboarding Script

#!/bin/bash
set -euo pipefail

cat <<'EOF'

██   ██ ██    ██ ██████  ███████ ████████ ██████   █████   ██████ ███████
██  ██  ██    ██ ██   ██ ██         ██    ██   ██ ██   ██ ██      ██
█████   ██    ██ ██████  █████      ██    ██████  ███████ ██      █████
██  ██  ██    ██ ██   ██ ██         ██    ██   ██ ██   ██ ██      ██
██   ██  ██████  ██████  ███████    ██    ██   ██ ██   ██  ██████ ███████

EOF

# ======== Input Arguments ========
if [ "$#" -ne 2 ]; then
  echo "Usage: $0 <cluster-name> <kubeconfig-output-path>"
  exit 1
fi

CLUSTER_CONTEXT="$1"
KUBECONFIG_OUTPUT="$2"
ADMIN_CONTEXT="${CLUSTER_CONTEXT}-admin"

# ======== Configurable Constants ========
NAMESPACE="kubetrace-readonly"
SA_NAME="kubetrace-readonly-user"
CLUSTER_ROLE="kubetrace-readonly-clusterrole"
CLUSTER_BINDING="kubetrace-readonly-binding"

# ======== Create Namespace ========
echo "🔧 Creating namespace: $NAMESPACE"
if ! kubectl get ns "$NAMESPACE" >/dev/null 2>&1; then
  kubectl create namespace "$NAMESPACE"
fi

# ======== Create Service Account ========
echo "🔧 Creating service account: $SA_NAME"
if ! kubectl -n "$NAMESPACE" get sa "$SA_NAME" >/dev/null 2>&1; then
  kubectl -n "$NAMESPACE" create sa "$SA_NAME"
fi

# ======== Create ClusterRole ========
echo "🔧 Creating ClusterRole: $CLUSTER_ROLE"
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: $CLUSTER_ROLE
rules:
- apiGroups: [""]
  resources: ["pods", "services", "endpoints", "nodes", "configmaps", "secrets", "persistentvolumeclaims", "persistentvolumes", "namespaces"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
  resources: ["jobs", "cronjobs"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
  resources: ["networkpolicies", "ingresses", "ingressclasses"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
  resources: ["storageclasses", "csinodes", "csidrivers", "csistoragecapacities", "volumeattachments"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["metrics.k8s.io"]
  resources: ["nodes", "pods"]
  verbs: ["get", "list"]
- apiGroups: [""]
  resources: ["serviceaccounts/token"]
  verbs: ["create"]
  resourceNames: ["$SA_NAME"]
EOF

# ======== Create ClusterRoleBinding ========
echo "🔧 Creating ClusterRoleBinding: $CLUSTER_BINDING"
kubectl create clusterrolebinding "$CLUSTER_BINDING" \
  --clusterrole="$CLUSTER_ROLE" \
  --serviceaccount="$NAMESPACE:$SA_NAME" \
  --dry-run=client -o yaml | kubectl apply -f -

# ======== Generate Token ========
echo "🔑 Generating token for service account..."
TOKEN=$(kubectl -n "$NAMESPACE" create token "$SA_NAME")

# ======== Build Kubeconfig ========
echo "🧩 Building kubeconfig for readonly access..."
CLUSTER_NAME=$(kubectl config view -o jsonpath="{.contexts[?(@.name=='${CLUSTER_CONTEXT}')].context.cluster}")
API_SERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name=='${CLUSTER_NAME}')].cluster.server}")
CA_DATA=$(kubectl config view --raw -o jsonpath="{.clusters[?(@.name=='${CLUSTER_NAME}')].cluster.certificate-authority-data}")

cat > "$KUBECONFIG_OUTPUT" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: $CLUSTER_NAME
  cluster:
    server: $API_SERVER
    certificate-authority-data: $CA_DATA
users:
- name: $SA_NAME
  user:
    token: $TOKEN
contexts:
- name: ${SA_NAME}-context
  context:
    cluster: $CLUSTER_NAME
    user: $SA_NAME
current-context: ${SA_NAME}-context
EOF

echo
echo "✅ Done! Read-only kubeconfig written to: $KUBECONFIG_OUTPUT"
echo "👉 Use it like:"
echo "   kubectl --kubeconfig=$KUBECONFIG_OUTPUT get pods --all-namespaces"

Usage Example

./kubetrace-azure.sh my-aks-cluster readonly-kubeconfig.yaml

Prerequisites for AWS

AWS CLI installed and configured
Access to your EKS cluster
Appropriate IAM permissions

AWS Onboarding Script

#!/bin/bash
set -euo pipefail

cat <<'EOF'

██   ██ ██    ██ ██████  ███████ ████████ ██████   █████   ██████ ███████
██  ██  ██    ██ ██   ██ ██         ██    ██   ██ ██   ██ ██      ██
█████   ██    ██ ██████  █████      ██    ██████  ███████ ██      █████
██  ██  ██    ██ ██   ██ ██         ██    ██   ██ ██   ██ ██      ██
██   ██  ██████  ██████  ███████    ██    ██   ██ ██   ██  ██████ ███████

EOF

if [ "$#" -ne 3 ]; then
  echo "Usage: $0 <aws-region> <cluster-name> <kubeconfig-output-path>"
  exit 1
fi

AWS_REGION="$1"
CLUSTER_NAME="$2"
KUBECONFIG_OUTPUT="$3"

command -v aws >/dev/null 2>&1 || { echo "❌ aws CLI not found."; exit 1; }
command -v kubectl >/dev/null 2>&1 || { echo "❌ kubectl not found."; exit 1; }

echo "🔧 Fetching EKS cluster information..."
aws eks update-kubeconfig --name "$CLUSTER_NAME" --region "$AWS_REGION" >/dev/null 2>&1
EKS_CONTEXT=$(kubectl config current-context)

KUBECTL_EKS="kubectl --context=$EKS_CONTEXT"

NAMESPACE="kubetrace-readonly"
SA_NAME="kubetrace-readonly-user"
CLUSTER_ROLE="kubetrace-readonly-clusterrole"
CLUSTER_BINDING="kubetrace-readonly-binding"

echo "🔧 Creating namespace: $NAMESPACE"
if ! $KUBECTL_EKS get ns "$NAMESPACE" >/dev/null 2>&1; then
  $KUBECTL_EKS create namespace "$NAMESPACE"
fi

echo "🔧 Creating service account: $SA_NAME"
if ! $KUBECTL_EKS -n "$NAMESPACE" get sa "$SA_NAME" >/dev/null 2>&1; then
  $KUBECTL_EKS -n "$NAMESPACE" create sa "$SA_NAME"
fi

echo "🔧 Creating ClusterRole: $CLUSTER_ROLE"
$KUBECTL_EKS apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: $CLUSTER_ROLE
rules:
- apiGroups: [""]
  resources: ["pods", "services", "endpoints", "nodes", "configmaps", "secrets", "persistentvolumeclaims", "persistentvolumes", "namespaces"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
  resources: ["jobs", "cronjobs"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
  resources: ["networkpolicies", "ingresses", "ingressclasses"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
  resources: ["storageclasses", "csinodes", "csidrivers", "csistoragecapacities", "volumeattachments"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["metrics.k8s.io"]
  resources: ["nodes", "pods"]
  verbs: ["get", "list"]
- apiGroups: [""]
  resources: ["serviceaccounts/token"]
  verbs: ["create"]
  resourceNames: ["$SA_NAME"]
EOF

echo "🔧 Creating ClusterRoleBinding: $CLUSTER_BINDING"
$KUBECTL_EKS create clusterrolebinding "$CLUSTER_BINDING" \
  --clusterrole="$CLUSTER_ROLE" \
  --serviceaccount="$NAMESPACE:$SA_NAME" \
  --dry-run=client -o yaml | $KUBECTL_EKS apply -f -

echo "🔑 Generating token for service account..."
TOKEN=$($KUBECTL_EKS -n "$NAMESPACE" create token "$SA_NAME")

echo "🧩 Building kubeconfig for readonly access..."
CLUSTER_INFO=$(kubectl config view -o jsonpath="{.contexts[?(@.name=='$EKS_CONTEXT')].context.cluster}")
API_SERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name=='$CLUSTER_INFO')].cluster.server}")
CA_DATA=$(kubectl config view --raw -o jsonpath="{.clusters[?(@.name=='$CLUSTER_INFO')].cluster.certificate-authority-data}")

cat > "$KUBECONFIG_OUTPUT" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: $CLUSTER_INFO
  cluster:
    server: $API_SERVER
    certificate-authority-data: $CA_DATA
users:
- name: $SA_NAME
  user:
    token: $TOKEN
contexts:
- name: ${SA_NAME}-context
  context:
    cluster: $CLUSTER_INFO
    user: $SA_NAME
current-context: ${SA_NAME}-context
EOF

echo
echo "✅ Done! Read-only kubeconfig written to: $KUBECONFIG_OUTPUT"
echo "👉 Use it like:"
echo "   kubectl --kubeconfig=$KUBECONFIG_OUTPUT get pods --all-namespaces"

Usage Example

./kubetrace-aws.sh us-east-1 my-eks-cluster readonly-kubeconfig.yaml

Prerequisites for GCP

Google Cloud CLI (gcloud) installed and configured
Access to your GKE cluster
Appropriate IAM permissions

GCP Onboarding Script

#!/bin/bash
set -euo pipefail

cat <<'EOF'

██   ██ ██    ██ ██████  ███████ ████████ ██████   █████   ██████ ███████
██  ██  ██    ██ ██   ██ ██         ██    ██   ██ ██   ██ ██      ██
█████   ██    ██ ██████  █████      ██    ██████  ███████ ██      █████
██  ██  ██    ██ ██   ██ ██         ██    ██   ██ ██   ██ ██      ██
██   ██  ██████  ██████  ███████    ██    ██   ██ ██   ██  ██████ ███████

EOF

if [ "$#" -ne 4 ]; then
  echo "Usage: $0 <gcp-project-id> <gke-cluster-name> <gke-zone-or-region> <kubeconfig-output-path>"
  exit 1
fi

GCP_PROJECT="$1"
GKE_CLUSTER="$2"
GKE_LOCATION="$3"
KUBECONFIG_OUTPUT="$4"

command -v gcloud >/dev/null 2>&1 || { echo "❌ gcloud CLI not found."; exit 1; }
command -v kubectl >/dev/null 2>&1 || { echo "❌ kubectl not found."; exit 1; }

TEMP_KUBECONFIG=$(mktemp)
trap "rm -f $TEMP_KUBECONFIG" EXIT
export KUBECONFIG="$TEMP_KUBECONFIG"

echo "🔧 Fetching GKE cluster credentials..."
gcloud container clusters get-credentials "$GKE_CLUSTER" --project "$GCP_PROJECT" --zone "$GKE_LOCATION"

GKE_CONTEXT=$(kubectl config current-context)
KUBECTL_GKE="kubectl --context=$GKE_CONTEXT --kubeconfig=$TEMP_KUBECONFIG"

NAMESPACE="kubetrace-readonly"
SA_NAME="kubetrace-readonly-user"
CLUSTER_ROLE="kubetrace-readonly-clusterrole"
CLUSTER_BINDING="kubetrace-readonly-binding"

echo "🔧 Creating namespace: $NAMESPACE"
if ! $KUBECTL_GKE get ns "$NAMESPACE" >/dev/null 2>&1; then
  $KUBECTL_GKE create namespace "$NAMESPACE"
fi

echo "🔧 Creating service account: $SA_NAME"
if ! $KUBECTL_GKE -n "$NAMESPACE" get sa "$SA_NAME" >/dev/null 2>&1; then
  $KUBECTL_GKE -n "$NAMESPACE" create sa "$SA_NAME"
fi

echo "🔧 Creating ClusterRole: $CLUSTER_ROLE"
$KUBECTL_GKE apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: $CLUSTER_ROLE
rules:
- apiGroups: [""]
  resources: ["pods", "services", "endpoints", "nodes", "configmaps", "secrets", "persistentvolumeclaims", "persistentvolumes", "namespaces"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
  resources: ["jobs", "cronjobs"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
  resources: ["networkpolicies", "ingresses", "ingressclasses"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
  resources: ["storageclasses", "csinodes", "csidrivers", "csistoragecapacities", "volumeattachments"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["metrics.k8s.io"]
  resources: ["nodes", "pods"]
  verbs: ["get", "list"]
- apiGroups: [""]
  resources: ["serviceaccounts/token"]
  verbs: ["create"]
  resourceNames: ["$SA_NAME"]
EOF

echo "🔧 Creating ClusterRoleBinding: $CLUSTER_BINDING"
$KUBECTL_GKE create clusterrolebinding "$CLUSTER_BINDING" \
  --clusterrole="$CLUSTER_ROLE" \
  --serviceaccount="$NAMESPACE:$SA_NAME" \
  --dry-run=client -o yaml | $KUBECTL_GKE apply -f -

echo "🔑 Generating token for service account..."
TOKEN=$($KUBECTL_GKE -n "$NAMESPACE" create token "$SA_NAME")

echo "🧩 Building kubeconfig for readonly access..."
CLUSTER_INFO=$(kubectl --kubeconfig="$TEMP_KUBECONFIG" config view -o jsonpath="{.contexts[?(@.name=='$GKE_CONTEXT')].context.cluster}")
API_SERVER=$(kubectl --kubeconfig="$TEMP_KUBECONFIG" config view -o jsonpath="{.clusters[?(@.name=='$CLUSTER_INFO')].cluster.server}")
CA_DATA=$(kubectl --kubeconfig="$TEMP_KUBECONFIG" config view --raw -o jsonpath="{.clusters[?(@.name=='$CLUSTER_INFO')].cluster.certificate-authority-data}")

cat > "$KUBECONFIG_OUTPUT" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: $CLUSTER_INFO
  cluster:
    server: $API_SERVER
    certificate-authority-data: $CA_DATA
users:
- name: $SA_NAME
  user:
    token: $TOKEN
contexts:
- name: ${SA_NAME}-context
  context:
    cluster: $CLUSTER_INFO
    user: $SA_NAME
current-context: ${SA_NAME}-context
EOF

echo
echo "✅ Done! Read-only kubeconfig written to: $KUBECONFIG_OUTPUT"
echo "👉 Use it like:"
echo "   kubectl --kubeconfig=$KUBECONFIG_OUTPUT get pods --all-namespaces"

Usage Example

./kubetrace-gcp.sh my-project my-gke-cluster us-central1-a readonly-kubeconfig.yaml

Prerequisites for Vultr

Vultr CLI installed and configured
Access to your VKE cluster
Valid Vultr API key

Vultr Onboarding Script

#!/bin/bash
set -euo pipefail

cat <<'EOF'

██   ██ ██    ██ ██████  ██      ████████ ██████  ██████  ███████
██  ██  ██    ██ ██   ██ ██         ██    ██   ██ ██   ██ ██
█████   ██    ██ ██████  ██         ██    ██████  ██████  █████
██  ██  ██    ██ ██      ██         ██      ██      ██   ██ ██
██   ██  ██████  ██      ███████    ██      ██      ██   ██ ███████

        🚀 Vultr Kubernetes Read-Only Kubeconfig Setup
EOF

if [ "$#" -ne 2 ]; then
  echo "Usage: $0 <vultr-cluster-id> <kubeconfig-output-path>"
  exit 1
fi

CLUSTER_ID="$1"
KUBECONFIG_OUTPUT="$2"

NAMESPACE="kubetrace-readonly"
SA_NAME="kubetrace-readonly-user"
CLUSTER_ROLE="kubetrace-readonly-clusterrole"
CLUSTER_BINDING="kubetrace-readonly-binding"

command -v vultr-cli >/dev/null 2>&1 || { echo "❌ vultr-cli not found"; exit 1; }
command -v kubectl >/dev/null 2>&1 || { echo "❌ kubectl not found"; exit 1; }

echo "🔧 Fetching kubeconfig for cluster $CLUSTER_ID..."
vultr-cli kubernetes config "$CLUSTER_ID" --output temp-kubeconfig.yaml
export KUBECONFIG="$(pwd)/temp-kubeconfig.yaml"

CONTEXT_NAME=$(kubectl config current-context)
echo "✅ Using context: $CONTEXT_NAME"

if ! kubectl get ns "$NAMESPACE" >/dev/null 2>&1; then
  echo "🔧 Creating namespace $NAMESPACE..."
  kubectl create namespace "$NAMESPACE"
fi

if ! kubectl -n "$NAMESPACE" get sa "$SA_NAME" >/dev/null 2>&1; then
  echo "🔧 Creating service account $SA_NAME..."
  kubectl -n "$NAMESPACE" create sa "$SA_NAME"
fi

echo "🔧 Creating ClusterRole $CLUSTER_ROLE..."
kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: $CLUSTER_ROLE
rules:
- apiGroups: [""]
  resources: ["pods","services","nodes","namespaces","configmaps","secrets"]
  verbs: ["get","list","watch"]
- apiGroups: ["apps"]
  resources: ["deployments","replicasets","statefulsets","daemonsets"]
  verbs: ["get","list","watch"]
- apiGroups: ["batch"]
  resources: ["jobs","cronjobs"]
  verbs: ["get","list","watch"]
- apiGroups: ["metrics.k8s.io"]
  resources: ["nodes","pods"]
  verbs: ["get","list"]
- apiGroups: [""]
  resources: ["serviceaccounts/token"]
  verbs: ["create"]
  resourceNames: ["$SA_NAME"]
EOF

echo "🔧 Creating ClusterRoleBinding $CLUSTER_BINDING..."
kubectl create clusterrolebinding "$CLUSTER_BINDING" \
  --clusterrole="$CLUSTER_ROLE" \
  --serviceaccount="$NAMESPACE:$SA_NAME" \
  --dry-run=client -o yaml | kubectl apply -f -

echo "🔑 Generating token for service account..."
TOKEN=$(kubectl -n "$NAMESPACE" create token "$SA_NAME")

echo "🧩 Building read-only kubeconfig..."
API_SERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name=='$CONTEXT_NAME')].cluster.server}")
CA_DATA=$(kubectl config view --raw -o jsonpath="{.clusters[?(@.name=='$CONTEXT_NAME')].cluster.certificate-authority-data}")

cat > "$KUBECONFIG_OUTPUT" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: $CONTEXT_NAME
  cluster:
    server: $API_SERVER
    certificate-authority-data: $CA_DATA
users:
- name: $SA_NAME
  user:
    token: $TOKEN
contexts:
- name: ${SA_NAME}-context
  context:
    cluster: $CONTEXT_NAME
    user: $SA_NAME
current-context: ${SA_NAME}-context
EOF

echo
echo "✅ Done! Read-only kubeconfig written to: $KUBECONFIG_OUTPUT"
echo "👉 Example usage:"
echo "   kubectl --kubeconfig=$KUBECONFIG_OUTPUT get pods --all-namespaces"

Usage Example

./kubetrace-vultr.sh abc123-cluster-id readonly-kubeconfig.yaml

Step 3: Resources Created by the Script

When you run this script, Kubetrace automatically provisions the following components in your cluster:

Namespace

apiVersion: v1
kind: Namespace
metadata:
  name: kubetrace-readonly

Service Account

apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubetrace-readonly-user
  namespace: kubetrace-readonly

ClusterRole

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubetrace-readonly-clusterrole
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "endpoints", "nodes", "configmaps", "secrets", "persistentvolumeclaims", "persistentvolumes", "namespaces"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["networkpolicies", "ingresses", "ingressclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses", "csinodes", "csidrivers", "csistoragecapacities", "volumeattachments"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["metrics.k8s.io"]
    resources: ["nodes", "pods"]
    verbs: ["get", "list"]

ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubetrace-readonly-binding
subjects:
  - kind: ServiceAccount
    name: kubetrace-readonly-user
    namespace: kubetrace-readonly
roleRef:
  kind: ClusterRole
  name: kubetrace-readonly-clusterrole
  apiGroup: rbac.authorization.k8s.io

Step 4: Complete Setup in Kubetrace Platform

After executing the script, follow these final steps in the Kubetrace platform:

Upload Kubeconfig (Step 4)
- Copy the contents of the generated kubeconfig.yaml file
- Paste it into Step 4 of the Kubetrace platform
Add Cluster (Step 5)
- Select the discovered cluster from the list
- Click Add Cluster
- Generate the Kubetrace operator configuration
Deploy Operator (Step 6)
- Copy the generated kubetrace-operator.yaml
- Execute the following command:
  kubectl apply -f kubetrace-operator.yaml
Verify Installation
- Check that the operator is running properly:
  kubectl get pods -n kubetrace-readonly
- All pods should be in Running status

Troubleshooting

Authorization Errors

If you encounter an error like:

(AuthorizationFailed) The client '57eada60-3d78-4de3-a599-93e8d7e4f' with object id '57eada60-3d78-4de3-a599-9db2a7e4f' does not have authorization to perform action

Solution: Follow the prerequisite instructions for admin access or least privilege setup as described in the non-admin instructions section of the script.

Admin Context Not Found

If you see ⚠️ Admin context not found, ensure you have obtained admin credentials:

az aks get-credentials --resource-group <your-resource-group> --name <cluster-name> --admin

Operator Not Running

If the operator pods are not running:

Check pod logs:

kubectl logs -n kubetrace-readonly <pod-name>

Verify the service account has proper permissions:

kubectl auth can-i list pods --as=system:serviceaccount:kubetrace-readonly:kubetrace-readonly-user

Support

For additional help or questions, please contact the Kubetrace support team or refer to the official documentation.

Getting started

Onboarding Cluster

Cluster Setup

Prerequisites

Step 1: Prepare to Execute the Script

Step 2: Execute the Onboarding Script

Prerequisites for Azure

Azure Onboarding Script

Usage Example

Prerequisites for AWS

AWS Onboarding Script

Usage Example

Prerequisites for GCP

GCP Onboarding Script

Usage Example

Prerequisites for Vultr

Vultr Onboarding Script

Usage Example

Step 3: Resources Created by the Script

Namespace

Service Account

ClusterRole

ClusterRoleBinding

Step 4: Complete Setup in Kubetrace Platform

Troubleshooting

Authorization Errors

Admin Context Not Found

Operator Not Running

Support

Getting started

​Cluster Setup

​Prerequisites

​Step 1: Prepare to Execute the Script

​Step 2: Execute the Onboarding Script

​Prerequisites for Azure

​Azure Onboarding Script

​Usage Example

​Prerequisites for AWS

​AWS Onboarding Script

​Usage Example

​Prerequisites for GCP

​GCP Onboarding Script

​Usage Example

​Prerequisites for Vultr

​Vultr Onboarding Script

​Usage Example

​Step 3: Resources Created by the Script

​Namespace

​Service Account

​ClusterRole

​ClusterRoleBinding

​Step 4: Complete Setup in Kubetrace Platform

​Troubleshooting

​Authorization Errors

​Admin Context Not Found

​Operator Not Running

​Support

Cluster Setup

Prerequisites

Step 1: Prepare to Execute the Script

Step 2: Execute the Onboarding Script

Prerequisites for Azure

Azure Onboarding Script

Usage Example

Prerequisites for AWS

AWS Onboarding Script

Usage Example

Prerequisites for GCP

GCP Onboarding Script

Usage Example

Prerequisites for Vultr

Vultr Onboarding Script

Usage Example

Step 3: Resources Created by the Script

Namespace

Service Account

ClusterRole

ClusterRoleBinding

Step 4: Complete Setup in Kubetrace Platform

Troubleshooting

Authorization Errors

Admin Context Not Found

Operator Not Running

Support